Attackers stole tens of millions of current, former or prospective customers’ personal data, the company confirmed. It’s providing 2 years of free ID protection.
T-Mobile has confirmed much of what a threat actor bragged about over the weekend: Personal details for tens of millions of current, former or prospective T-Mobile customers were stolen in a huge breach of its servers.
On Tuesday, it disclosed further details on the data breach in a post on its website, saying that the breach affects as many as 7.8 million postpaid subscribers, 850,000 prepaid customers and “just over” 40 million past or prospective customers who’ve applied for credit with T-Mobile.
Its investigation is ongoing, but so far, it doesn’t look like financial data, credit card information, debit or other payment information was in the stolen files, T-Mobile said. The wireless carrier said that it located and “immediately” closed the access point in its servers that it believes granted access to the attacker(s).
Forrester Analyst Allie Mellen told Threatpost on Wednesday that this attack wasn’t exactly rocket science. “According to the attackers, this was a configuration issue on an access point T-Mobile used for testing,” she said via email. “The configuration issue made this access point publicly available on the Internet. This was not a sophisticated attack; this was not a zero day. T-Mobile left a gate left wide open for attackers – and attackers just had to find the gate.”